2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR

responses more gracefully. [RT #15941]
2025-08-31 06:25:31 +00:00 · 2006-05-02 04:07:36 +00:00
parent bc1467288a
commit a8f950ff05
2 changed files with 8 additions and 2 deletions
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
 */

 /*
- * $Id: tsig.c,v 1.125 2006/03/08 03:51:01 marka Exp $
+ * $Id: tsig.c,v 1.126 2006/05/02 04:07:36 marka Exp $
 */
 /*! \file */
 #include <config.h>
@@ -855,8 +855,11 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,

 	msg->verify_attempted = 1;

-	if (msg->tcp_continuation)
+	if (msg->tcp_continuation) {
+		if (tsigkey == NULL || msg->querytsig == NULL)
+			return (DNS_R_UNEXPECTEDTSIG);
 		return (tsig_verify_tcp(source, msg));
+	}

 	/*
 	 * There should be a TSIG record...